mpg123, older issue in mpg123

Salvatore Bonaccorso Sat, 11 May 2019 04:42:34 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
37c6cd43 by Salvatore Bonaccorso at 2019-05-11T11:41:41Z
Add CVE-2017-12839/mpg123, older issue in mpg123

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -98964,7 +98964,9 @@ CVE-2017-12841
 CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ 
client  ...)
        NOTE: DESLock+
 CVE-2017-12839 (A heap-based buffer over-read in the getbits function in 
src/libmpg123 ...)
-       TODO: check
+       - mpg123 1.25.6-1
+       NOTE: https://sourceforge.net/p/mpg123/bugs/255/
+       NOTE: 
https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
 CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 
1.5 allows ...)
        NOT-FOR-US: NexusPHP
 CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in 
regcomp.c in P ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37c6cd4385f0a8d126c5244922819e3b6c520190

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/37c6cd4385f0a8d126c5244922819e3b6c520190
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Add CVE-2017-12839/mpg123, older issue in mpg123

Reply via email to